/**
 * Logout
 *
 * @access public
 */
function &logout() { // STATIC VOID METHOD
    global $projectFolderName, $projectURLPath, $willAuthenticate, $willBasicAuthenticate, $projectAcronym;
    if ($willAuthenticate || $willBasicAuthenticate) setcookie("$projectFolderName", '', time() - 86400, '/'); // DELETE COOKIE
    foreach ($_SESSION as $key => $val) {
        if (preg_match("/^{$projectAcronym}_/i", $key)) {
            unset($_SESSION[$key]); // DELETE ALL PROJECT SESSION VARIABLES
            session_unregister("$key"); // DELETE FROM THE SESSION FILE REFERENCED BY $PHPSESSID
        }
    }
    if ($willBasicAuthenticate) {
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
        if (preg_match('/IIS/i', $_SERVER['SERVER_SOFTWARE'])) unset($_SERVER['HTTP_AUTHENTICATION']);
    }
    header('Pragma: no-cache'); // ENSURE CLIENT-SIDE CACHE FLUSHING
    $dest = 'http://' . $_SERVER['SERVER_NAME'] . "$projectURLPath/index.php";
    header("Location: $dest"); // DEFAULT REDIRECT TO MAIN PAGE
    exit();
}

I am trying to use my logout method to successfully delete cookies, session variables and redirect, and it only redirects.
The cookies are intact, the session variables are intact, the session file referenced by PHPSESSID is intact, yet you can easily redirect, and since everything is intact, you are not prompted to log in again.
This works if I don't use Basic Authentication to log in.

My login script:

/*--------------------------------------------------------------------------------------------
    This function will utilize the ability to use HTTP-based WWW
    Authentication, checking for the global authorized password against
    the password entered in the client project's CSV file. Will not function
    unless this password exists.
    See http://www.php.net/manual/en/features.http-auth.php for more info
---------------------------------------------------------------------------------------------*/
if (!function_exists('authenticate')) { // FUTURISTIC: IN CASE AN "authenticate" PHP FUNCTION IS MADE PART OF CORE IN THE FUTURE
    function authenticate() {
        global $username, $password, $projectFullName;
        if ($password && preg_match('/IIS/i', $_SERVER['SERVER_SOFTWARE']) && $_SERVER['HTTP_AUTHORIZATION']) {
            list($user, $pw) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
            if ($user === $username && $pw === $password) return true; // AUTHENTICATION SUCCESSFUL WITHIN IIS WITH ISAPI
        }
        if ($_SERVER['PHP_AUTH_USER'] && $password &&
            $_SERVER['PHP_AUTH_USER'] === $username && $_SERVER['PHP_AUTH_PW'] === $password
        ) return true;
        if ($password) {
            header("WWW-Authenticate: Basic realm=\"$projectFullName: " . $_SERVER['PHP_AUTH_USER'] . '"');
            header('HTTP/1.0 401 Unauthorized');
            echo "You must enter a valid login ID and password to access the $projectFullName\n";
            die();
        }
    }
}

I can log in, log back out, log in again and then that's it, I'm permanent, I can never log out again!
Any ideas?
Thanx
Phil
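
Added example, not part of the original post: with HTTP Basic authentication the browser re-sends its cached `Authorization` header on every request, so `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']` are repopulated each time and unsetting them in one request cannot end the login. One common approach, sketched here, is a session marker that forces a single fresh 401 challenge after logout; `parseBasicAuth()`, `gate()`, the `force_reauth` key and the sample credentials are hypothetical names chosen for illustration.

```php
<?php
// Added example; function names, session key and credentials are hypothetical.

/** Parse "Basic <base64>" into [user, pass]; null if absent or malformed. */
function parseBasicAuth(?string $header): ?array {
    if ($header === null || stripos($header, 'Basic ') !== 0) return null;
    $decoded = base64_decode(substr($header, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) return null;
    return explode(':', $decoded, 2); // limit 2: the password may contain ':'
}

/** Return 200 to serve the page, or 401 to send a WWW-Authenticate challenge. */
function gate(?string $authHeader, array &$session, string $user, string $pass): int {
    $creds = parseBasicAuth($authHeader);
    $valid = $creds !== null
        && hash_equals($user, $creds[0])
        && hash_equals($pass, $creds[1]);
    if (!$valid) return 401;
    if (!empty($session['force_reauth'])) {
        // Valid, but possibly the copy the browser cached before logout:
        // challenge once so the user has to type the credentials again.
        unset($session['force_reauth']);
        return 401;
    }
    return 200;
}

/** Drop all session data and leave only the re-authentication marker. */
function logout(array &$session): void {
    $session = ['force_reauth' => true];
}

// Constructed sample: the header a browser keeps sending after one login.
$hdr = 'Basic ' . base64_encode('phil:s3cret');
$session = [];
$codes = [];
$codes[] = gate($hdr, $session, 'phil', 's3cret'); // first login
logout($session);
$codes[] = gate($hdr, $session, 'phil', 's3cret'); // cached header re-sent
$codes[] = gate($hdr, $session, 'phil', 's3cret'); // re-entered at the prompt
echo implode(' ', $codes), "\n";
```

In a real handler, a 401 result maps to the `WWW-Authenticate: Basic realm="..."` and `HTTP/1.0 401 Unauthorized` headers that the post's `authenticate()` already sends, and `$session` would be `$_SESSION`.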